An undisclosed number of Kickstarter users have been emailed with advice to reset their passwords after the company was made aware of a data breach that may have led to the disclosure of personal information.
Some time in the last 24 hours, Kickstarter updated its website to display a banner at the top of the site for logged-in users, advising them to change their password and providing a link to do so. The advice follows a statement by Kickstarter - which was emailed to an undisclosed number of users - stating that the company was made aware "by law enforcement officials" of hackers breaching its servers to steal account-related information. The advice also recommended that users consider using tools such as 1Password or LastPass, which, as well as offering storage for all your passwords, include password generators to come up with randomised, highly secure passwords. (Might I also recommend KeePass, which does the same but also contains a meter telling you how "secure" any password you type in is likely to be?)
The following is the full text of the email as sent out by Kickstarter - I'll leave the explaining to them, as they put it better than I could myself:
"On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.
No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on your account.
While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.
As a precaution, we strongly recommend that you change the password of your Kickstarter account, and other accounts where you use this password.
To change your password, log in to your account at Kickstarter.com and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.
We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.
Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at accountsecurity@kickstarter.com."
While it's disappointing to hear of any type of hack where data is stolen - and a sad reflection of the state of the world today that not even a website that exists to give those with ideas, but no money to make them real, the chance to connect with their potential market and get the funding they need is safe from being hacked - it's reassuring to see a company own up to the breach so quickly and waste no time in attempting to better secure their service and protect their users. I hope more companies learn from this example.